Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Path Traversal Leading to RCE by Any Authenticated Mattermost User
Vulnerability Description
Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with path traversal sequences in filenames, potentially leading to remote code execution. The vulnerability impacts instances where file uploads and document search by content is enabled (FileSettings.EnableFileAttachments = true and FileSettings.ExtractContent = true). These configuration settings are enabled by default.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
对搜索路径元素未加控制
Vulnerability Title
Mattermost 安全漏洞
Vulnerability Description
Mattermost是美国Mattermost公司的一个开源协作平台。 Mattermost 10.5.5及之前的10.5.x版本、9.11.15及之前的9.11.x版本、10.8.0及之前的10.8.x版本、10.7.2及之前的10.7.x版本和10.6.5及之前的10.6.x版本存在安全漏洞,该漏洞源于未清理存档提取器中的文件名,可能导致经过认证的用户通过上传带有路径遍历序列的文件名写入任意位置。
CVSS Information
N/A
Vulnerability Type
N/A